1. Library
  2. Computer Networks
  3. Routing and Networks
  4. Network Models

Layer 4: The Transport Layer

Updated 8 hours ago

The Transport layer is where the Internet gets personal.

Lower layers don't care what you're saying or who you're saying it to. The Network layer just moves packets from A to B. The Data Link layer just gets frames across a single wire. But the Transport layer? It asks the questions that actually matter: Which application sent this? Which application should receive it? Did the message arrive intact? Did it arrive at all?

This is the layer where IP addresses become insufficient. A server might run dozens of applications—web server, email, database, SSH. They all share one IP address. The Transport layer adds port numbers, turning a single address into thousands of distinct endpoints. It's the difference between knowing someone's building address and knowing their apartment number.

Ports: The Apartment Numbers of the Internet

An IP address gets you to a machine. A port gets you to an application.

When your browser connects to a website, something specific happens: your computer picks a random high port (say, 52143) as its return address, then sends a message to port 443 on the server. The combination—IP address plus port—creates a socket. Two sockets together create a connection:

192.168.1.100:52143 ↔ 93.184.216.34:443
   Your computer          The server

Think of it like a phone call with extensions. Your phone number is your IP address. Your extension is your port. When you call someone, both phone numbers and both extensions together identify that specific conversation. This is how a single web server handles ten thousand simultaneous users—each connection has a unique socket pair.

The port number ranges exist for a reason:

0-1023 (Well-Known Ports): Reserved for standard services. When you type a URL, your browser knows to use port 443 for HTTPS, port 80 for HTTP. SSH lives on 22. Email on 25 and 587. DNS on 53. These are the Internet's well-known addresses—the ones everyone agrees on.

1024-49151 (Registered Ports): Applications register these to avoid conflicts. MySQL claims 3306. PostgreSQL takes 5432. Remote Desktop uses 3389.

49152-65535 (Dynamic Ports): Your computer grabs these on the fly for outgoing connections. Every browser tab, every app making a network request—each gets a temporary port from this range.

The Two Philosophies: TCP and UDP

The Transport layer offers two fundamentally different approaches to sending data. Your choice shapes everything about how your application behaves.

TCP: The Paranoid Protocol

TCP assumes the worst. It assumes packets will get lost. It assumes they'll arrive out of order. It assumes data will get corrupted. It assumes the receiver might be overwhelmed.

So TCP builds an entire system of accountability.

Before sending anything, TCP establishes a connection. This is the three-way handshake:

  1. Your computer sends a SYN: "I want to talk. My starting sequence number is X."
  2. The server responds with SYN-ACK: "I acknowledge your X. My starting sequence number is Y."
  3. Your computer sends ACK: "I acknowledge your Y. Let's begin."

Only after this ritual can data flow. It takes time—one full round trip before a single byte of actual data moves. But now both sides know the other is listening.

During transmission, TCP numbers everything. Every byte gets a sequence number. Every received segment gets acknowledged. If the sender doesn't hear back within a timeout, it assumes the worst and retransmits. If segments arrive out of order, the receiver uses sequence numbers to reassemble them correctly. If duplicates arrive, they're discarded.

This is reliable delivery: the guarantee that if the connection stays up, your data arrives exactly once, in exactly the right order.

TCP also watches capacity. The receiver advertises how much buffer space it has (the window size). The sender respects this limit—no point sending data faster than the receiver can process it. And TCP watches the network itself: when it detects congestion (packet loss, growing delays), it backs off. It starts slow, ramps up gradually, and retreats when things get crowded. TCP is a good citizen.

Ending is as formal as beginning. Either side can send a FIN (finish). The other side acknowledges, then sends its own FIN. Final acknowledgment. Connection closed. Four messages to say goodbye.

UDP: The Optimistic Protocol

UDP assumes the best. It assumes packets will probably arrive. It assumes you'll deal with it if they don't.

UDP has no handshake. No connection. No acknowledgments. No retransmissions. No flow control. No congestion control. You create a datagram, you throw it into the network, you hope.

The UDP header is eight bytes. TCP's is at least twenty. That difference matters when you're sending thousands of packets per second.

Why would anyone use UDP? Because sometimes reliability isn't worth the cost.

Video calls: If a packet containing a video frame arrives late, it's useless—the moment has passed. Better to drop it and show the next frame than to pause everything waiting for a retransmission.

Online gaming: The server sends your position sixty times per second. If packet 47 is lost, packet 48 is already on its way with newer information. Retransmitting 47 would just waste bandwidth.

DNS lookups: You send a question, you expect an answer. If no answer comes, you just ask again. The application handles retry logic—no need for TCP's complexity.

Live streaming: Viewers tolerate a few dropped frames. They don't tolerate constant buffering while TCP retransmits.

UDP also supports multicast and broadcast—sending one packet to many receivers. TCP can't do this; it's strictly one-to-one.

Choosing Between Them

The choice is rarely subtle:

Use TCP when:

  • Every byte matters (file transfer, email, web pages)
  • Order matters (database transactions, remote shells)
  • You'd rather wait than lose data
  • The application doesn't want to handle reliability itself

Use UDP when:

  • Speed matters more than completeness (streaming, gaming, VoIP)
  • Old data becomes irrelevant (real-time position updates)
  • You're doing multicast or broadcast
  • The application has its own reliability mechanism
  • Latency is critical (no time for retransmissions)

HTTP uses TCP because you need every byte of a webpage in the right order. Video streaming increasingly uses UDP (or QUIC, which is UDP underneath) because a smooth playback experience beats perfect fidelity.

The Protocol Beneath Your Applications

Every network application sits on top of the Transport layer. When you open a socket in code, you're asking the Transport layer to manage a conversation. TCP sockets give you a reliable stream—write bytes in, bytes come out the other end in order. UDP sockets give you datagrams—discrete packets that may or may not arrive.

The Transport layer handles the complexity so applications don't have to. A web browser doesn't worry about packet loss. A video player doesn't worry about TCP's overhead. Each picks the appropriate transport and lets the layer do its job.

Beyond TCP and UDP

The transport landscape is evolving:

QUIC runs on top of UDP but provides TCP-like reliability with lower latency. It powers HTTP/3. The key insight: moving transport logic into the application lets you innovate faster than changing the OS kernel.

SCTP offers reliable message-oriented transport with multiple streams and multi-homing (multiple network paths). It's used in telecommunications signaling.

DCCP provides unreliable transport with congestion control—UDP's speed with better network citizenship.

But TCP and UDP remain the workhorses. Understanding them means understanding how your data actually moves.

When Things Go Wrong

Transport layer problems reveal themselves in predictable ways:

Connection refused: Nothing's listening on that port. Either the service isn't running or a firewall is blocking it.

Connection timeout: The SYN went out, no SYN-ACK came back. The remote host might be down, the port might be firewalled, or the network path is broken.

Excessive retransmissions: Packets are being lost. Could be congestion, could be a failing link, could be a misconfigured router.

Small window sizes: Throughput is limited because the receiver (or sender) has insufficient buffer space. Often a configuration issue.

Port already in use: Another application claimed that port. Only one application can bind to a given port at a time.

Tools like netstat, ss, and tcpdump let you see exactly what's happening at the Transport layer—active connections, listening ports, packet exchanges, retransmission rates.

Frequently Asked Questions About the Transport Layer

Was this page helpful?

😔
🤨
😃